>>
Site Map
>>
Forums
>>
Security Issues
Forum module - topics in forum:
Security Issues - Get help in securing your PHP-NUKE Installation.
Sentinel
Is the version of sentinel included with Nco Ultra the latest version or is there an updated patch that I need to install?? Also I am unsure about the .htaccess file.. Am I supposed to creat on to record the list of blocked ipaddresses?? I know that the guide states I am just as secure without one but if you recommend that I use one can you give me some guidance on including one
If you are using just nCo Ultra 7.6 then no it isnt. If you are using 7.6.0.3.1 which is 7.6 ultra patched to chatserv 3.1 you still arent updated to the newest one. If havent applied the 3.1 patch to your site we highly suggest it. You must download the 3.1 patch for nCo Ultra that is in our downloads section, if you try to apply the chatserv 3.1 patch you will break your site. The newest versions of NukeSentinel are designed around chatserv 3.1 patch. With nCo patched 3.1 you are on NukeSentinel 2.4.1 to get to the newest version you will have to download the update for 2.4.2, 2.4.2pl2,2.4.2pl3, and finally 2.4.2pl4. You will have to update them in order. Or you can download the entire 2.4.2pl4 and go in and drop your nsnst tables in your database upload and override all of the files and install 2.4.2pl4 as a new install. Regarding the htaccess file you should already have one in root of your site. You dont do anything to this file other than chmod it to 666. When NukeSentinel blocks an attempt it will write the ip to that .htaccess file. Just having NukeSentinel on your site will not stop people from trying to exploit it. You must set up NukeSentinel for it to work. Setting it up is mostly a matter of personal preference.
Ok I opted to install as a new installation I dropped all sentinel files in the data base. I do have another couple questions if you do not mind.. On the edit for core files what do you do with those exactly I am unsure being new to all of this.. Also I want to see if you have ever used pc killer.. If you have and recommend it do I upload the file pc killer to the abuse folder itself or just the contents.. And how do you forward
If you patched you site with the nCo ultra 7.6.0.3.1 patch before uploading your new sentinel the your core edits will already be done. If you didnt then you must open each file that is specifies and find what coding it says to find and do as it states, then save and upload the file. As far as your second I would strongly advise against adding this to your site. Some people that come to your site will get banned for something that NukeSentinel deems as a threat but is not. So I would totally advise against adding that to your site.
Yeah I tested it on a test site and man that thing banned me 10 times for no reason.. Definately not going on my favorites list lol.. Anyways is there any thing else I can do to secure my site ..
Keep NukeSentinel updated, dont make your password easy. Backup your SQL-Database at least once every 2 days that way if you do get exploited you will have a backup of your sql to reinject. That is the basics right there in a nutshell.
One more thing since I updated sentinel I have been banned on my regular sire for flood abuse do you know why it happens
Turn off the flood blocker there is a known bug in it which a fix is being worked on.
